Question

ACCESS CONTROLS Security Policies / Enterprise Security Strategy Plan

Instructions: In NO LESS than 200 words, answer the following question.

Create an outline that could serve as a template for creating future security policies for an IT Network's Access Controls. Your template should reflect 2–3 key parts of a security policy related to intranet operations.

For each element you include in your outline template, give two sentences describing the information that should be included. It is acceptable if you want to borrow elements from an actual security policy from a company; however, ORIGINAL WORK IS A MUST.

The following are suggestions of items to consider as key parts of a security policy:

Threat

Policy statement

Responsibilities

Guidelines and user procedure

Information technology procedures

Compliance and enforcement

Answer 1

Create an outline that could serve as a template for creating future security policies for an IT Network's Access Controls. Your template should reflect 2–3 key parts of a security policy related to intranet operations.

We used network access control to control who or what has authorised persmission to access network.Permission can be for users as well for device also.The NAC network intercepts the connection requests, which are then authenticated against a designated identity and access management system. Access is either accepted or denied based on a pre-determined set of parameters and policies that are programmed into the system.

Information security is deemed to safeguard three main objectives:

Confidentiality – data and information assets must be confined to people authorized to access and not be disclosed to others;
Integrity – keeping the data intact, complete and accurate, and IT systems operational;
Availability – an objective indicating that information or system is at disposal of authorized users when needed.

For each element you include in your outline template, give two sentences describing the information that should be included. It is acceptable if you want to borrow elements from an actual security policy from a company; however, ORIGINAL WORK IS A MUST.

The following are suggestions of items to consider as key parts of a security policy:

Threat: There can be threat from third party for security reason. Like recently we can ransomware threat where attacker stole or encrypt our file and demand for money to give back files or decrypt them.

Policy statement: There can be a vast area of security policies so we should have a set of policies to govern users and devices connecting to the network based on specific situations such as user profile, device type or user location.

Responsibilities: We should appoint someone who can compliance these securities on employees. He should maaintain that all are following security procedure which includes maintaince of data confidentiality and data integrity.If some one fail to follow these procedure then he should take disciplinary action against them.

Guidelines and user procedure: There should be set of user procedure and guildlines to follow all the intranet users and fail to do so will result in disciplary action.

Information technology procedures: There should Information technical procedure set by network administrator for applying these procedure.

Compliance and enforcement: All compilance should to enforce to the user for setup of securities.